The Centre for Internet and Society
http://editors.cis-india.org
These are the search results for the query, showing results 221 to 228.
130 Million Aadhaar Numbers Were Made Public, Says New Report
http://editors.cis-india.org/internet-governance/news/the-wire-may-1-2015-130-million-aadhaar-numbers-were-made-public-says-new-report
<b>The research report looks at four major government portals whose poor information security practices have exposed personal data including bank account details.</b>
<p style="text-align: justify; ">The article was <a href="https://thewire.in/130948/aadhaar-card-details-leaked/">published in the Wire</a> on May 1, 2017. This was also mirrored on <a class="external-link" href="http://www.mensxp.com/technology/latest/36661-over-130-million-aadhaar-numbers-bank-details-were-leaked-way-are-not-surprised.html">MensXP.com</a> on May 5, 2017.</p>
<hr style="text-align: justify; " />
<p style="text-align: justify; "><span>Irresponsible information security practices by a major central government ministry and a state government may have exposed up to 135 million Aadhaar numbers, according to a new research report released on Monday.</span></p>
<p style="text-align: justify; "><span>The<a href="https://thewire.in/118250/government-expose-personal-data-thousands-indians/" rel="noopener noreferrer" target="_blank" title=" last two months "> last two months </a>have seen a wave of data leaks, mostly due improper information security practices, from various central government and state government departments.</span></p>
<p style="text-align: justify; ">This <a rel="noopener noreferrer" target="_blank" title="new report">new report</a>, released by the Centre for Internet and Society, studied four government databases. The first two belong to the rural development ministry: the National Social Assistance Programme (NSAP)’s dashboard and the National Rural Employment Guarantee Act (NREGA)’s portal.</p>
<p style="text-align: justify; ">The second two databases deal with the state of Andhra Pradesh: namely, the state government’s own NREGA portal and the online dashboard of a state government scheme called “Chandranna Bima”.</p>
<p style="text-align: justify; ">“Based on the numbers available on the websites looked at, estimated number of Aadhaar numbers leaked through these 4 portals could be around 130-135 million and the number of bank accounts numbers leaked at around 100 million from the specific portals we looked at,” the report’s authors, Amber Sinha and Srinivas Kodali, state.</p>
<p style="text-align: justify; ">The data leaks come, in part, from the government’s decision to provide online dashboards that were likely meant for general transparency and easy administration. However, as the report notes, while open data portals are a laudable goal, if there aren’t any proper safeguards, the results can be downright disastrous.</p>
<p style="text-align: justify; ">“While availability of aggregate information on the dashboard may play a role in making government functioning more transparent, the fact that granular details about individuals including sensitive PII such as Aadhaar number, caste, religion, address, photographs and financial information are only a few clicks away suggest how poorly conceived these initiatives are,” the report says.</p>
<p style="text-align: justify; ">Consider the NSAP portal for instance. The dashboard allows users to explore a list of pensioners, whose personally identifiable information include bank account number, name and Aadhaar number. While these details are “masked for public view”, the CIS report points out that if “one of the URL query parameters of the website… was modified from ‘nologin’ to ‘login'”, it became easy to gain access to the unmasked details without a password.</p>
<p style="text-align: justify; ">“It is entirely unclear to us what the the purpose behind making available a data download pption on the NSAP website is. This feature allows download of beneficiary details mentioned above such as Beneficiary No., Name, Father’s/Husband’s Name, Age, Gender, Bank or Post Office Account No. for beneficiaries receiving disbursement via bank transfer and Aadhaar Numbers for each area, district and state,” the report states.</p>
<p style="text-align: justify; "><b>UIDAI role?</b></p>
<p style="text-align: justify; ">Kodali and Sinha also prominently finger the role of the Unique Identification Authority of India (UIDAI), the government agency that manages the Aadhaar initiative, in the data leaks.</p>
<p style="text-align: justify; ">“While the UIDAI has been involved in proactively pushing for other databases to get seeded with Aadhaar numbers, they take little responsibility in ensuring the security and privacy of such data.With countless databases seeded with Aadhaar numbers, we would argue that it is extremely irresponsible on the part of the UIDAI, the sole governing body for this massive project, to turn a blind eye to the lack of standards prescribed for how other bodies shall deal with such data, such cases of massive public disclosures of this data, and the myriad ways in which it may used for mischief,” the report states.</p>
<p style="text-align: justify; "><b>Still public?</b></p>
<p style="text-align: justify; ">A crucial question that arises is whether these government databases are still leaking data. Over the last two months, some of information has been masked.</p>
<p style="text-align: justify; ">“It must be stated that since we began reviewing and documenting these portals, we have noticed that some of the pages with sensitive PII (personally identifiable information) have now been masked, presumably in response to growing reports about Aadhaar leaks,” the report notes.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/news/the-wire-may-1-2015-130-million-aadhaar-numbers-were-made-public-says-new-report'>http://editors.cis-india.org/internet-governance/news/the-wire-may-1-2015-130-million-aadhaar-numbers-were-made-public-says-new-report</a>
</p>
No publisherpraskrishnaAadhaarInternet GovernancePrivacy2017-05-20T06:32:32ZNews Item13 crore Aadhaar numbers on four government websites compromised: Report
http://editors.cis-india.org/internet-governance/news/new-indian-express-may-2-2017-akram-mohammed-13-crore-aadhaar-numbers-on-four-government-websites-compromised
<b>The lack of information security practices in key government websites which hosts Personally Identifiable Information (PII) has left citizens of the country more vulnerable to identity theft and financial fraud, a research paper has argued. </b>
<p style="text-align: justify; ">The article by Akram Mohammed was <a href="http://www.newindianexpress.com/nation/2017/may/02/13-crore-aadhaar-numbers-on-four-government-websites-compromised-report-1599999.html">published by the New Indian Express</a> on May 2, 2017.</p>
<hr style="text-align: justify; " />
<p style="text-align: justify; ">A paper by Amber Sinha and Srinivas Kodali of Centre for Internet and Society analysed four government websites and found that more than 13 crore Aadhaar numbers with related PII were available on the websites, exposing lax security features.</p>
<p style="text-align: justify; ">The paper published under Creative Commons is titled ‘Information Security Practices of Aadhaar (or lack thereof): A documentation of public availability of Aadhaar Numbers with sensitive personal financial information’ and was released on Monday.</p>
<p style="text-align: justify; ">Sinha and Kodali looked at databases on four government portals -- National Social Assistance Programme, National Rural Employment Guarantee Scheme, Chandranna Bima Scheme, Govt. of Andhra Pradesh and Daily Online Payment Reports website of NREGA, Govt. of Andhra Pradesh.</p>
<p style="text-align: justify; ">“We chose major government programmes that use Aadhaar for payments and banking transactions. We found sensitive and personal data and information accessible on these portals,” the report said.</p>
<p style="text-align: justify; "><b>Leaked through portals</b></p>
<p style="text-align: justify; ">“Based on the numbers available on the websites, estimated number of Aadhaar numbers leaked through these 4 portals could be around 130-135 million and the number of bank account numbers leaked at around 100 million.</p>
<p style="text-align: justify; ">While these numbers are only from two major government programmes of pensions and rural employment schemes, other major schemes, that have also used Aadhaar for DBT, could have leaked PII similarly due to lack of information security practices,” it said.</p>
<p style="text-align: justify; ">They fear that data of over 23 crore beneficiaries under DBT of LPG subsidies could be leaked also. Identity theft and financial fraud “risks increase multifold in India...,” they said.</p>
<p style="text-align: justify; "><b>Aadhaar payments unsafe</b></p>
<p style="text-align: justify; ">In case a financial fraud takes place through Aadhaar enabled Payment System (AePS), the consumer may not be able to assert his claims for compensation due to the terms and conditions around liabilities.</p>
<p style="text-align: justify; ">“These terms force the consumer to take liabilities onto oneself than the payment provider..... Regulations and standards around Aadhaar are at a very early and nascent stage causing (an) increase in financial risk for both consumers and banks to venture into AePS,” they added. The authors also pulled up UIDAI for their inability in providing strong legislation against such leaks.</p>
<p style="text-align: justify; "><b>Leaky govt portals</b></p>
<p style="text-align: justify; ">National Social Assistance Programme</p>
<p style="text-align: justify; ">PII available - Access to Aadhaar no., name, bank account number, account frozen status 94,32,605 bank accounts linked with Aadhaar</p>
<p style="text-align: justify; ">14,98,919 post office accounts linked with Aadhaar numbers.</p>
<p style="text-align: justify; ">Though total Aadhaar number is 1,56,42,083, not all are linked to bank accounts</p>
<p style="text-align: justify; "><b>NREGA</b></p>
<p style="text-align: justify; ">PII Details available: Job card no., Aadhaar number, bank/postal account number, no. of days worked, registration no., account frozen status</p>
<p style="text-align: justify; ">78,74,315 post office accounts of individual workers seeded with Aadhaar numbers,</p>
<p style="text-align: justify; ">8,24,22,161 bank accounts of individual workers with Aadhaar numbers.</p>
<p style="text-align: justify; ">10,96,41,502 total number of Aadhaar numbers stored by portal</p>
<p style="text-align: justify; "><b>Other websites</b></p>
<p style="text-align: justify; ">Chandranna Bima Scheme, Govt. of Andhra Pradesh</p>
<p style="text-align: justify; ">Daily Online Payment Reports website of NREGA, Govt. of Andhra Pradesh</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/news/new-indian-express-may-2-2017-akram-mohammed-13-crore-aadhaar-numbers-on-four-government-websites-compromised'>http://editors.cis-india.org/internet-governance/news/new-indian-express-may-2-2017-akram-mohammed-13-crore-aadhaar-numbers-on-four-government-websites-compromised</a>
</p>
No publisherpraskrishnaAadhaarInternet GovernancePrivacy2017-05-03T15:19:52ZNews Item11th Meeting of Information Systems Security Sectional Committee (LITD 17)
http://editors.cis-india.org/internet-governance/news/11th-meeting-of-information-systems-security-sectional-committee-litd-17
<b>Udbhav Tiwari represented CIS at this meeting organized by the Bureau of Indian Standards (BIS) at Manak Bhavan, New Delhi on April 13, 2017.</b>
<p style="text-align: justify; ">The meeting was the national mirror meeting for the 28th ISO/IEC JTC 1/SC 27 Plenary and Working Group Meetings being held at Hamilton, New Zealand between the April 18 and 25, 2017. The meeting provided a fascinating insight into the government and industry viewpoints on key cyber security and privacy issues, especially on the Aadhaar.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/news/11th-meeting-of-information-systems-security-sectional-committee-litd-17'>http://editors.cis-india.org/internet-governance/news/11th-meeting-of-information-systems-security-sectional-committee-litd-17</a>
</p>
No publisherpraskrishnaAadhaarInternet GovernancePrivacy2017-04-19T02:57:03ZNews Item১৩ কোটি আধার তথ্য ফাঁস চার সরকারি পোর্টাল থেকে! বিস্ফোরক দাবি রিপোর্টে
http://editors.cis-india.org/internet-governance/news/amar-bazar-patrika-may-2-2017-13-crore-aadhaar-leaked-due-to-poor-security-in-4-govt-websites
<b>খোদ সরকারি পোর্টাল থেকে কয়েক কোটি আধার নম্বর ও যাবতীয় তথ্য ‘ফাঁস’!</b>
<p style="text-align: justify; ">This was published by <a class="external-link" href="http://abpananda.abplive.in/india-news/13-crore-aadhaar-leaked-due-to-poor-security-in-4-govt-websites-334778">Amar Bazar Patrika</a> on May 2, 2017.</p>
<hr style="text-align: justify; " />
<p style="text-align: justify; ">অভিযোগ, গত কয়েক মাসে প্রায় ১৩ কোটি আধার নম্বরের যাবতীয় ব্যক্তিগত ও সংবেদনশীল তথ্য ফাঁস হওয়ার ঘটনা ঘটেছে। আর এসবই হয়েছে চারটি সরকারি পোর্টাল থেকে তথ্যপ্রযুক্তি সুরক্ষার ঘাটতির জেরে! যা ঘিরে এখন তোলপাড় দেশ।</p>
<p style="text-align: justify; ">সম্প্রতি, এমনই বিস্ফোরক রিপোর্ট প্রকাশ করেছে অলাভদায়ক সংগঠন সেন্টার ফর ইন্টারনেট অ্যান্ড সোসাইটি (সিআইএস)। তাদের আশঙ্কা, চারটি সরকারি পোর্টালের মাধ্যমে ১০ কোটি মানুষের ব্যাঙ্ক অ্যাকাউন্ট নম্বরও ফাঁস হয়ে থাকতে পারে।</p>
<p style="text-align: justify; ">সংস্থার দাবি, যে চারটি পোর্টাল থেকে এই সব তথ্য ফাঁসের অভিযোগ, তার মধ্যে দু’টি অন্ধ্রপ্রদেশ সরকারের ওয়েবসাইট। বাকি দুটি পোর্টাল হল ন্যাশনাল সোশ্যাল অ্যাসিস্ট্যান্স প্রোগ্রাম এবং ন্যাশনাল রুরাল এমপ্লয়মেন্ট গ্যারান্টি স্কিম-এর।</p>
<p style="text-align: justify; ">এই গোটা ঘটনার জন্য ইউনিক আইডেন্টিফিকেশন অথরিটি অফ ইন্ডিয়া বা ইউআইডিএআই–কেই দায়ী করেছে সিআইএস। তাদের দাবি, আধার নিয়ন্ত্রক সংস্থার ‘দায়িত্বজ্ঞানহীনতার’ জন্যই এই উদ্ভুত পরিস্থিত সৃষ্টি হয়েছে।</p>
<p style="text-align: justify; ">সিএনআই-এর আরও দাবি, বিভিন্ন সরকারি ও বেসরকারি পোর্টাল—যারা আধার তথ্য ব্যবহার করে থাকে, তাদের নিজস্ব সুরক্ষা-ব্যবস্থা খতিয়ে দেখেনি ইউআইডিএআই। ফলত, এই বিপত্তির সম্মুখীন কয়েক কোটি মানুষ।</p>
<p style="text-align: justify; ">যদিও, ইউআইডিএআই -এর দাবি, তাদের ডেটাবেস থেকে কোনও তথ্য ফাঁস হয়নি।</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/news/amar-bazar-patrika-may-2-2017-13-crore-aadhaar-leaked-due-to-poor-security-in-4-govt-websites'>http://editors.cis-india.org/internet-governance/news/amar-bazar-patrika-may-2-2017-13-crore-aadhaar-leaked-due-to-poor-security-in-4-govt-websites</a>
</p>
No publisherpraskrishnaAadhaarInternet GovernancePrivacy2017-05-20T11:45:42ZNews Item(Updated) Information Security Practices of Aadhaar (or lack thereof): A documentation of public availability of Aadhaar Numbers with sensitive personal financial information
http://editors.cis-india.org/internet-governance/information-security-practices-of-aadhaar-or-lack-thereof-a-documentation-of-public-availability-of-aadhaar-numbers-with-sensitive-personal-financial-information-1
<b>Since its inception in 2009, the Aadhaar project has been shrouded in controversy due to various questions raised about privacy, technological issues, welfare exclusion, and security concerns. In this study, we document numerous instances of publicly available Aadhaar Numbers along with other personally identifiable information (PII) of individuals on government websites. This report highlights four government projects run by various government departments that have made sensitive personal financial information and Aadhaar numbers public on the project websites.
</b>
<p> </p>
<h4>Read the updated report: <a class="external-link" href="https://cis-india.org/internet-governance/information-security-practices-of-aadhaar-or-lack-thereof/" target="_blank">Download</a> (pdf)</h4>
<h4>Read the first statement of clarification (May 16, 2017): <a class="external-link" href="https://cis-india.org/internet-governance/clarification-on-information-security-practices-of-the-aadhaar-report/" target="_blank">Download</a> (pdf)</h4>
<h4>Read the second statement of clarification (November 05, 2018): <a class="external-link" href="https://cis-india.org/internet-governance/blog/clarification-on-the-information-security-practices-of-aadhaar-report" target="_blank">Link to page</a> (html)</h4>
<hr />
<p><em>We are grateful to Yesha Paul and VG Shreeram for research support.</em></p>
<hr />
<p>In the last month, there have been various reports pointing out instances of the public disclosure of Aadhaar number through various databases, accessible easily on Twitter under the hashtag #AadhaarLeaks. Most of these public disclosures reported contain personally identifiable information of beneficiaries or subjects of the non UIDAI databases containing Aadhaar numbers of individuals along with other personal identifiers. All of these public disclosures are symptomatic of a significant and potentially irreversible privacy harm, however we wanted to point out another large fallout of such events, those that create a ripe opportunity for financial fraud. For this purpose, we identified benefits disbursement schemes which would require its databases to store financial information about its subjects. During our research, we encountered numerous instances of publicly available Aadhaar Numbers along with other PII of individuals on government websites. In this paper, we highlight four government projects run by various government departments with publicly available financial data and Aadhaar numbers. Our research is focussed largely on the data published by or pertaining to where Aadhaar data is linked with banking information. We chose major government programmes using Aadhaar for payments and banking transactions. We found sensitive and personal data and information very easily accessible on these portals.</p>
<p> </p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/information-security-practices-of-aadhaar-or-lack-thereof-a-documentation-of-public-availability-of-aadhaar-numbers-with-sensitive-personal-financial-information-1'>http://editors.cis-india.org/internet-governance/information-security-practices-of-aadhaar-or-lack-thereof-a-documentation-of-public-availability-of-aadhaar-numbers-with-sensitive-personal-financial-information-1</a>
</p>
No publisherAmber Sinha and Srinivas KodaliDigital IDPrivacyNDSAPData ProtectionAccountabilityFeaturedData GovernanceAadhaarDigitisationHomepageInternet GovernanceData Management2019-03-13T00:29:01ZBlog Entry'Aadhaar' Of Your Existence Or Card Of Controversy?
http://editors.cis-india.org/internet-governance/news/ndtv-may-3-2017-aadhaar-of-your-existence-or-card-of-controversy
<b> recent report estimates that details of 13 crore Aadhaar card holders have been leaked from four government websites. These include bank account details, income levels, addresses, even caste and religion details.</b>
<p>This was <a class="external-link" href="https://www.youtube.com/watch?v=xaY4WHrs-OQ">telecasted by NDTV</a> on May 3, 2017. Amber Sinha was a panelist.</p>
<hr />
<p style="text-align: justify; ">As the Supreme Court questioned the government about this, the centre admitted for the first time that the leaks had taken place but passed the onus on to state governments. It also argued that no technology was a 100 per cent foolproof but that couldn't be the basis for a constitutional challenge. Those who have petitioned against making Aadhar mandatory for filing income tax say no other democratic country has such a requirement and allege that it shows the sinisterness of the government.</p>
<h3 style="text-align: justify; ">Video</h3>
<p><iframe frameborder="0" height="315" src="https://www.youtube.com/embed/xaY4WHrs-OQ" width="560"></iframe></p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/news/ndtv-may-3-2017-aadhaar-of-your-existence-or-card-of-controversy'>http://editors.cis-india.org/internet-governance/news/ndtv-may-3-2017-aadhaar-of-your-existence-or-card-of-controversy</a>
</p>
No publisherpraskrishnaVideoAadhaarInternet GovernancePrivacy2017-05-20T12:24:20ZNews Item"Will the Magic Number Deliver?" - Roundtable on Aadhaar at CSLG, JNU, April 26
http://editors.cis-india.org/internet-governance/news/will-the-magic-number-deliver-aadhaar-cslg-26042016
<b>The Centre for the Study of Law and Governance (CSLG), Jawaharlal Nehru University (JNU), will organise a roundtable discussion on Tuesday, April 26, to discuss the Aadhaar project and Act. Along with Rajeev Chandrasekhar, Prasanna S, Apar Gupta, and Chirashree Dasgupta, Sumandro Chattapadhyay will be one of the discussants. It will take place in the CSLG Conference Room at 6 pm.</b>
<p> </p>
<h3>Discussion Note</h3>
<p>The Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016, was enacted by the Parliament on March 16. Thereafter it has been notified on March 26.</p>
<p>The Act empowers the UIDAI (Unique Identification Authority of India) to collect biometric and demographic information of residents to provide them with a unique number. This unique number is to be used for enumeration, identification and targeting of beneficiaries of government subsidies and services.</p>
<p>Since the creation of the UIDAI as an executive authority in 2009, this process of enumeration has been ongoing. Recently, it was announced that more than 100 crore residents have been given their aadhaar cards. Alongside, however, legal challenges have continued in the Supreme Court.</p>
<p>Given this context, this Roundatable Discussion will focus on the following set of questions (among others):</p>
<ul><li>
<p>Can the Aadhaar Number enable better delivery of government subsidies and services?</p>
</li>
<li>
<p>How does the Act ensure data protection?</p>
</li>
<li>
<p>Is there a right to privacy in India? What are the implications in the context of Aadhaar?</p>
</li>
<li>
<p>Does the Act ensure public access to statutory remedies in case of violations?</p>
</li>
<li>
<p>Did the Aadhaar Bill fulfil the requirements of a money bill?</p>
</li></ul>
<p> </p>
<h3>Discussion Format</h3>
<p>Setting the Theme - Short Introduction to the Topic by Natasha Goyal</p>
<p>Speakers' comments, 15 minutes each, consecutive, no power points</p>
<ul><li>
<p><a href="https://twitter.com/rajeev_mp">Rajeev Chandrasekhar</a>, Member of Parliament, Rajya Sabha</p>
</li>
<li>
<p><a href="https://twitter.com/ajantriks">Sumandro Chattapadhyay</a>, the Centre for Internet and Society</p>
</li>
<li>
<p><a href="https://twitter.com/prasanna_s">Prasanna S</a>, Lawyer</p>
</li>
<li>
<p><a href="https://twitter.com/aparatbar">Apar Gupta</a>, Advocate, Delhi High Court</p>
</li>
<li>
<p><a href="http://www.jnu.ac.in/FacultyStaff/ShowProfile.asp?SendUserName=chirashree">Dr. Chirashree Dasgupta</a>, Centre for the Study of Law and Governance</p>
</li></ul>
<p>Open Session (Moderated Q and A)</p>
<p>Followed by Tea</p>
<h3>Directions to Venue</h3>
<p>From JNU main gate, proceed straight until you get to a T-junction. Turn left. Continue until you reach a second T-junction. Turn right. Follow the road for just 0.7 km until you see a bus stop labelled “Paschimmabad.” About 50 m past the bus stop turn right at a sign that reads: “Centre for the Study of Law and Governance”. The CSLG building is on the right. The conference room is on the first floor.</p>
<h3>Poster</h3>
<img src="http://cis-india.org/internet-governance/news/will-the-magic-number-deliver-aadhaar-cslg-26042016/leadImage" alt="CSLG Roundtable Discussion - Will the Magic Number Deliver? - April 26, 6 pm" />
<p> </p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/news/will-the-magic-number-deliver-aadhaar-cslg-26042016'>http://editors.cis-india.org/internet-governance/news/will-the-magic-number-deliver-aadhaar-cslg-26042016</a>
</p>
No publishersumandroUIDPrivacyDigital IndiaAadhaarBiometrics2016-04-20T10:49:58ZEvent"Aadhaar Reduced Agency in Citizens and Empowered Those in Positions of Authority"
http://editors.cis-india.org/internet-governance/news/newsclick-martin-moore-may-20-2019-aadhaar-reduced-agency-in-citizens-and-empowered-those-in-positions-of-authority
<b>In the space of one election cycle, authoritarian governments, moneyed elites and fringe hackers figured out how to game elections, bypass democratic processes, and turn social networks into battlefields. Facebook, Google and Twitter – where our politics now takes place – have lost control and are struggling to claw it back. As our lives migrate online, we are gradually moving into a world of datafied citizens and real-time surveillance. The entire political landscape has changed, with profound consequences for democracy. </b>
<p style="text-align: justify; ">The article by Martin Moore was <a class="external-link" href="https://www.newsclick.in/aadhar-reduced-agency-citizens-and-empowered-those-positions-authority">published by NewsClick</a> on May 20, 2019. Pranesh Prakash was quoted.</p>
<hr style="text-align: justify; " />
<p style="text-align: justify; "><em>Written by Martin Moore,</em> Democracy Hacked: Political Turmoil and Information Warfare in the Digital Age,<em> is a compelling account of how democracy is being disrupted by the tech revolution, and what can be done to get us back on track. The following are excerpts from the chapter </em>"Survellaince Democracy" <em>of the book.</em></p>
<p style="text-align: justify; ">Tembhli, a remote rural village in northern Maharashtra, about 250 miles north of Mumbai, is rarely visited by high-powered politicians or prominent dignitaries. But on Wednesday, 29 September 2010, it found itself hosting not just the Indian prime minister, Manmohan Singh, but the president of Congress, Sonia Gandhi; the chief and deputy chief ministers and the governor of Maharashtra; and the head of the recently established Unique Identification Authority of India, Nandan Nilekani. It was this last figure, the least well known of the distinguished group, who was the reason behind the visit, and who would subsequently play the most important role in its aftermath. Nilekani and the politicians were there to give out the first ten ‘unique identifiers’ to residents of Tembhli. These ten people received their own twelve-digit number, a number that would, from that day forward, distinguish each of them from every other Indian citizen, and indeed – combined with their biometric data – from every other citizen in the world. “With this,” Sonia Gandhi said, “Tembhli has got a special importance in the map of India. People of Tembhli will lead the rest of the country. It is a historic step towards strengthening the people of our nation.”</p>
<p style="text-align: justify; ">Governments of all stripes are prone to exaggerated rhetoric, but in this instance, Gandhi was proved right when she proclaimed that “starting from this tiny hamlet, the scheme will reach more than a billion people of this country.” Despite the change of government in 2014, by April 2016 a billion Indians had been allocated their unique identifier. By 2018 the number had exceeded 1.1 billion, out of a total population of just over 1.3 billion. It was, in the words of a Harvard Business School report, a “hugely ambitious project”, “the largest-scale project of its kind in the world”. Aadhaar, as the project was called, was “unique in its scale and ambition”.3 Each Aadhaar identifier included not just a twelve-digit number, but all ten fingerprints, iris scans from both eyes, and a photograph of each person’s face (with the potential for facial recognition later). By combining the number with one element of biometric data, the government believed, it could ensure that every Indian citizen had a single, verifiable, machine-readable identity. With this verifiable identity a citizen could open a bank account, receive welfare or pension payments, pay tax, apply for a driving license, or receive healthcare, regardless of literacy. In a country known for its administrative torpor and tortuous bureaucracy, where – in 2013 – only forty per cent of children’s births were even registered, such a scheme had the potential to let India leapfrog other democratic countries into the digital era, and make government not just digitally enabled but digitally empowered.</p>
<p style="text-align: justify; ">Yet this, for critics of the scheme, was one of its many flaws. “Aadhaar marks a fundamental shift in citizen–state relations,” Pranesh Prakash from India’s Centre for the Internet and Society wrote in the <em>Hindustan Times</em>, “from ‘We the People’ to ‘We the Government’.” Civil society activists objected to the government’s enhanced power, and the relative unaccountability of the body running Aadhaar, headed by Nandan Nilekani until 2014. “In effect,” tech developer and activist Kiran Jonnalagadda wrote, “they are beyond the rule of law.” Others had practical objections.</p>
<p style="text-align: justify; ">Biometric identification often did not work. A database of this size and importance was bound to attract hackers. Leaks were inevitable. Indeed, the <em>Tribune</em> newspaper in January 2018 revealed that it had been able to buy a service, for 500 rupees (less than $10), that gave it access to any of up to one billion Aadhaar details. Yet such objections were written off as ‘scaremongering’ and Aadhaar critics as “activists of the upper crust, upper class, wine ’n cheese, Netflix-watching social media elite”. On top of which, despite an Indian Supreme Court judgment in August 2017 that affirmed the fundamental right of Indians to privacy, by early 2018 Aadhaar had achieved such momentum as to appear unstoppable. If the government was able to navigate the various legislative challenges to the scheme, then there was also a queue of other nations keen to adopt something similar.</p>
<p style="text-align: justify; ">[…]</p>
<p style="text-align: justify; ">As the government pushed Aadhaar towards every interaction the state had with the citizen, evidence mounted of failures in the system.</p>
<p style="text-align: justify; ">In the north-eastern state of Jharkhand, an eleven-year-old girl died of starvation after her family stopped receiving their government food ration. Their ration card, the Hindu Centre for Politics and Public Policy reported, “was not linked to Aadhaar”. The centre also reported on data, taken from the government’s websites, showing that in Rajasthan, where receiving rations was dependent on Aadhaar authentication, between a quarter and a third of people with ration cards did not receive rations between September 2016 and July 2017. In some ration shops, after having spent hours trying and failing to get their fingerprints read by the biometric machines, people lost their temper and smashed the machines on the ground.</p>
<p style="text-align: justify; ">Across India there were reports of machines not recognizing fingerprints, or only recognizing them after multiple attempts. Old people’s prints turned out to be more difficult to read, as were those of manual workers and fishermen. Since the system presumes guilt rather than innocence, the burden of proof lies with the citizen, not with the state. To claim a ration, apply for a scholarship or buy a train ticket, you have to prove who you are before receiving it. The obligation lies with the citizen to prove she is not a fraud. Even if she is not, and the failure is not with her but with the system, she pays for the system’s failure, not the government. To dispute a decision made by the machine means going to the nearest large town – often many miles away – and convincing an official that the problem is with the machine or the digital record, not with you. It is not surprising that some people wrecked Aadhaar machines in their rage.</p>
<p style="text-align: justify; ">While the system was found to reduce agency in citizens, it empowered those in positions of authority. Central government was able to make public services conditional on authentication by Aadhaar (despite repeated court rulings that Aadhaar be voluntary, not mandatory). This conditionality could then be extended to the level and type of public services available to individuals. In fact, it had to be for many services – distinguishing pensioners from non-pensioners, for example. Yet in this conditionality, there is plenty of scope for harm and abuse. In 2017 the independent media site <em>Scroll.in</em> reported a rising number of HIV-positive patients who were dropping out of treatment programmes because they were required to use their Aadhaar numbers and were fearful of their condition becoming public.</p>
<p style="text-align: justify; ">Equally, while Aadhaar itself did not provide any information about caste, ethnicity, religion or language, once it was linked to other databases, most notably the National Population Register, then it became possible to identify people by group. Formal group identification by the state has an ignominious history. During the apartheid era in South Africa, the penultimate number on the South African identity card indicated race. In the Rwandan genocide in 1994, anyone who had ‘Tutsi’ on their identification was liable to be killed. In Nazi Germany in 1938, every Jewish citizen had ‘J’ stamped on their ID cards and passports. In India, where political and religious divisions are closely intertwined, there is good reason to be anxious about new opportunities for group identification.</p>
<p style="text-align: justify; ">Thanks to Aadhaar, companies started to build services using unique identification. A series of ‘trust platforms’ emerged, built on top of Aadhaar, where employers – and others – could access and authenticate people’s identity. A company called TrustID advertised itself as “India’s first, unique and comprehensive online verification platform”. Through TrustID an employer could check whether a potential employee had any criminal or civil convictions, or whether that person had a good or bad reputation (based on a news search and social media profiling). The company even encouraged women to check up on potential husbands they had found via marriage websites. Other international companies integrated Aadhaar into existing services. This is similar to the way in which companies work with platforms like Facebook to profile, and target, individuals based on their personal information – except in this instance doing it via the government. All the same questions about trust, privacy, freedom and power arise, with even greater political potency. The state and private companies are in partnership to track citizens constantly and to gather as much data as they can on them – data that they can then use for commercial or political purposes. This opaque, asymmetrical knowledge of the citizen seems like the reverse of what was intended by democratic transparency, especially in the absence of strong privacy and data protection. “Totalitarian states often do this against the wishes of their citizens,” Pratap Bhanu Mehta, the president of the Centre for Policy Research, writes, yet “in our democracy, our consent is being mobilized to put an imprimatur over more control and arbitrariness.”</p>
<p style="text-align: justify; ">In August 2017, the Supreme Court of India came to a unanimous 9–0 decision that Article 21 of the Indian Constitution did guarantee a fundamental right to privacy. As such, it was not lawful for the government to make it mandatory for people to identify themselves using a unique identifier like Aadhaar, except in specific circumstances. To some this looked like a huge blow to the grand project. The Supreme Court decision “raises serious questions about Aadhaar”, lawyer Adarsh Ramanujan argued in India’s <em>Financial Express</em>, and appeared to send “a direction to the central government to create a regime to ensure that privacy rights are not trammelled by other private parties”. The judgment was about privacy broadly, and did not refer to specific cases like Aadhaar, but was seen as the basis from which future challenges to the scheme could be launched. The Modi government, however, appeared to carry on regardless. In October it linked Aadhaar to driving licence applications. By mid-December, the government had made Aadhaar mandatory if citizens wanted to access any of 140 government services.</p>
<p style="text-align: justify; ">Nandan Nilekani, who had stepped down as chair of Aadhaar in 2014 in order to become a candidate for the Congress party, railed against those who criticized the scheme. There was, he claimed, an “orchestrated campaign” to malign the system. “I think this so-called anti-Aadhaar lobby is really just a small bunch of liberal elites who are in some echo chamber,” he told an Indian business news channel. Anyway, Nilekani argued, it was too late for the naysayers to stop it. Too many people were now enrolled. It was too integral to the provision of services. Others saw attacks on Aadhaar as political, arguing that Congress was using it for political gain prior to the 2019 election, and that this would backfire. “Aadhaar today is not just a number,” the editor of India’s <em>Economic Times</em>wrote. “The Congress envisaged it as a means of identity but the Modi government has taken it to a different level. It has become a weapon in the hands of the poor and a powerful tool to fight entrenched black money interests. It is now a symbol of anti-corruption, anti-black money drives, a symbol of efficient allocation of welfare benefits.”</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/news/newsclick-martin-moore-may-20-2019-aadhaar-reduced-agency-in-citizens-and-empowered-those-in-positions-of-authority'>http://editors.cis-india.org/internet-governance/news/newsclick-martin-moore-may-20-2019-aadhaar-reduced-agency-in-citizens-and-empowered-those-in-positions-of-authority</a>
</p>
No publisherMartin MooreAadhaarInternet Governance2019-05-21T15:33:01ZNews Item